19032a633afb59d6a619f5f9cc1158a2_JaffaCakes118 | Triage

Sharing

General

Target

19032a633afb59d6a619f5f9cc1158a2_JaffaCakes118
Size

865KB
MD5

19032a633afb59d6a619f5f9cc1158a2
SHA1

200eaa035a9caaf10cbbfb6a49208dd006babdf6
SHA256

35bc08c80902a5f572582183c9b89891cccf2a80b5527e9a00a573e30a0883bb
SHA512

82a77646c6b1171fcaa311a7408f4a1178cbb8b980c7f030beb6a58766642b68dfdefa0a00f426ce333b11ee7017702f83dacf391ac7b05baf498df2b27b27bd
SSDEEP

24576:HjmyKIeu4p0/h/2C/LCWWwwndeJNW24sbtv4SPJ:HjZKIeu4p0/52C/+WPwndcNW24sJv4SB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

19032a633afb59d6a619f5f9cc1158a2_JaffaCakes118

Files

19032a633afb59d6a619f5f9cc1158a2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Mike\Desktop\Darkcomet\Crypted Server.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 690KB - Virtual size: 689KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 103B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ